"Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel"

Attackers could use a new technique to evade Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, resulting in Operating System (OS) downgrade attacks. According to SafeBreach researcher Alon Leviev, this bypass enables attackers to deploy custom rootkits capable of neutralizing security controls, hiding processes and network activity, maintaining stealth, and more by loading unsigned kernel drivers. This article continues to discuss the OS downgrade flaw.

Submitted by Gregory Rigby on

"US Says Chinese Hackers Breached Multiple Telecom Providers"

The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have disclosed that hackers affiliated with the People's Republic of China (PRC) breached US commercial telecommunications service providers. At the beginning of October, it was revealed that "Salt Typhoon," a Chinese hacking group, breached Verizon, AT&T, and Lumen Technologies. This article continues to discuss warnings regarding Chinese hackers breaching telecommunications providers.

Submitted by Gregory Rigby on

"Fog Ransomware Targets SonicWall VPNs to Breach Corporate Networks"

The "Fog" and "Akira" ransomware operators are using SonicWall Virtual Private Network (VPN) accounts to breach corporate networks. They are suspected of exploiting a critical SSL VPN access control flaw. SonicWall patched the SonicOS flaw in late August 2024, but a week later warned of active exploitation. At the same time, researchers at Arctic Wolf reported observing the exploitation of the vulnerability by an Akira ransomware affiliate to gain initial access to victim networks.

Submitted by Gregory Rigby on

"Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials"

Researchers at Netskope Threat Labs warn of an increase in phishing pages created with the website builder tool Webflow, as threat actors continue to exploit legitimate services such as Cloudflare and Microsoft Sway for their own benefit. According to Netskope Threat Labs researcher Jan Michael Alcantara, the campaigns target sensitive information from Coinbase, MetaMask, Phantom, and other cryptocurrency wallets. They also target credentials for multiple company webmail platforms and Microsoft 365 login credentials.

Submitted by Gregory Rigby on

"Black Basta Ransomware Poses as IT Support on Microsoft Teams to Breach Networks"

The "Black Basta" ransomware operation now uses Microsoft Teams to pose as corporate help desks contacting employees about a spam attack. Since April 2022, Black Basta has launched hundreds of ransomware attacks on corporations. Due to a series of "embarrassing" data breaches, the Conti cybercrime syndicate shut down in June 2022 and split into several groups, including Black Basta. This article continues to discuss new findings regarding the Black Basta ransomware.

Submitted by Gregory Rigby on

"AI-Powered BEC Scams Zero in on Manufacturers"

Vipre Security Group reports that Business Email Compromise (BEC) threats now account for over half of all phishing attempts, with manufacturers hit hardest. The security vendor's "Email Threat Trends Report: Q3 2024" revealed that about 12 percent of the 1.8 billion emails that Vipre processed during Q3 were classified as malicious, with BEC making up 58 percent of phishing attempts. Vipre also found that 36 percent of BEC samples were generated by Artificial Intelligence (AI). This article continues to discuss key findings regarding BEC attacks conducted in Q3.

Submitted by Gregory Rigby on

"Law Enforcement Operation Takes Down Redline and Meta Infostealers"

A global law enforcement operation has recently disrupted infrastructure for the Redline and Meta infostealers, malware tools widely used by cybercriminal groups to steal sensitive personal data. Operation Magnus took place on October 28, with law enforcement shutting down three servers in the Netherlands used to run the malware and seizing two domains. It was noted that this means the malware no longer functions and cannot currently be used to steal new data from infected victims.

Submitted by Adam Ekwall on

"ICO: 55% of UK Adults Have Had Data Lost or Stolen"

The UK’s privacy watchdog has recently issued a stern warning to the nation’s organizations to improve their data protection posture after revealing that over half of adults have had their personal information lost or stolen. John Edwards, the information commissioner, revealed the figures, arguing that companies often forget the toll that data compromise can take on victims. Edwards noted that 55% of adults have had their data lost or stolen, which amounts to nearly 30 million people in the UK.

Submitted by Adam Ekwall on

"Police Hacks, Disrupts Redline, Meta Infostealer Operations"

The Dutch National Police and partner law enforcement agencies have disrupted the "Redline" and "Meta" infostealers, collecting data that may reveal users who paid for the malware. Redline and Meta are infostealers that can steal victims' machine information, credit card data, browser history, cryptocurrency wallet credentials, and more. This article continues to discuss the disruption of the Redline and Meta infostealer operations.

Submitted by Gregory Rigby on